CVE-2013-5003

CVE-2013-5003 affects phpMyAdmin 3.5.x < 3.5.8.2 and 4.0.x

CVE-2013-5002

Summary (CVE-2013-5002): phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 contain a cross-site scripting (XSS) vulnerability. An authenticated remote user can inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. The issue arises in libraries/schema/Expo...

CVE-2013-4997

CVE-2013-4997 affects phpMyAdmin 3.5.x before 3.5.8.2, enabling remote XSS via a JavaScript event in an anchor to setup/index.php or in the chartTitle value. Impact is arbitrary script execution in the same user context. Remediation: upgrade to phpMyAdmin 3.5.8.2 or newer (per linked advisories)....

CVE-2013-4998

CVE-2013-4998 affects phpMyAdmin, specifically 3.5.x (before 3.5.8.2) and 4.0.x (before 4.0.4.2). The vulnerability allows remote attackers to disclose sensitive information by triggering an error message that reveals the installation path, via pmd_common.php and related files. The issue impacts ...

CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

CVE-2013-5003

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via 1 the scale parameter to pmdpdf.php or 2 the pdfpagenumber parameter to schemaexport.php...

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form PMASA-2013-8CVE-2013-4995. In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

FreeBSD : phpMyAdmin -- multiple vulnerabilities (f4a0212f-f797-11e2-9bb9-6805ca0b3d42)

The phpMyAdmin development team reports : XSS due to unescaped HTML Output when executing a SQL query. 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be introduced. Full path disclosure vulnerabilities. XSS...

SQL injection vulnerabilities, producing a privilege escalation (control user).

PMASA-2013-15 Announcement-ID: PMASA-2013-15 Date: 2013-07-28 Updated: 2013-08-06 Summary SQL injection vulnerabilities, producing a privilege escalation control user. Description Due to a missing validation of parameters passed to schemaexport.php and pmdpdf.php, it was possible to inject SQL...

If a crafted version.json would be presented, an XSS could be introduced.

PMASA-2013-11 Announcement-ID: PMASA-2013-11 Date: 2013-07-28 Updated: 2013-07-30 Summary If a crafted version.json would be presented, an XSS could be introduced. Description Due to not properly validating the version.json file, which is fetched from the phpMyAdmin.net website, could lead to an...

Self-XSS due to unescaped HTML output in schema export.

PMASA-2013-14 Announcement-ID: PMASA-2013-14 Date: 2013-07-28 Updated: 2013-07-30 Summary Self-XSS due to unescaped HTML output in schema export. Description When calling schemaexport.php with crafted parameters, it is possible to trigger an XSS. Severity We consider this vulnerability to be non...

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

PMASA-2013-9 Announcement-ID: PMASA-2013-9 Date: 2013-07-28 Updated: 2013-07-30 Summary 5 XSS vulnerabilities in setup, chart display, process list, and logo link. Description In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display...

phpMyAdmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS due to unescaped HTML Output when executing a SQL query. 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be introduced. Full path disclosure vulnerabilities. XSS...

XSS vulnerability when a text to link transformation is used.

PMASA-2013-13 Announcement-ID: PMASA-2013-13 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS vulnerability when a text to link transformation is used. Description When the TextLinkTransformationPlugin is used to create a link to an object when displaying the contents of a table, the object name ...

Full path disclosure vulnerabilities.

PMASA-2013-12 Announcement-ID: PMASA-2013-12 Date: 2013-07-28 Updated: 2013-07-30 Summary Full path disclosure vulnerabilities. Description By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains...

XSS due to unescaped HTML Output when executing a SQL query.

PMASA-2013-8 Announcement-ID: PMASA-2013-8 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS due to unescaped HTML Output when executing a SQL query. Description Using a crafted SQL query, it was possible to produce an XSS on the SQL query form. Severity We consider these vulnerabilities to be non...

phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities

Binary data 6933.prm...